Organizations always aim to devise their security architecture that is ready to counter any type of cyber-threat. But when the threat actors devise a changing model to disrupt businesses and infrastructure, then to outsmart cybercriminals the organizations need to be ahead of the emerging tech adoption. In this article, we delve into the changing landscape and the trends that will shape up cybersecurity in 2022.
Do you remember, back in the late 2000’s how we were concerned about computer viruses would affect our desktop machines and laptops? Then things took a turn when internet penetration increased. And it, the Internet, became a pathway to many high-profile scams and the biggest online attacks we have ever seen. In this age of IoT, security and privacy have become a major concern for users. As work from home became more and more common for professionals around the globe, the number of threats is also on the rise.
RANSOMWARE – THE CAUSE OF PANIC
Ransomware is not a new term anymore, and has become a top global concern. The United States of America has announced the formation of a cybersecurity task force. It has also designated those who perpetrate ransomware attacks as terrorists, giving law enforcement agencies additional resources and stricter penalties when fighting cybercriminals. Even Interpol has raised the bar on combating ransomware. Other countries, including India, are doing the same.
According to the recent Global Threat Landscape Report from FortiGuard Labs, ransomware incidents have increased nearly 1100% over the past twelve months. And in a new global ransomware survey conducted by Fortinet, an astonishing 67% of organizations report having been a ransomware target — with nearly half saying they had been targeted more than once and almost one in six saying they had been attacked three or more times.
The perimeter of any organization due to the pandemic that we are facing today has been forced to become more fragmented. This has led many organizations to transition from a simple cloud to a multi-cloud or a hybrid model. This cloud-based functioning has created a perfect environment for the cybercriminals to orchestrate attacks of unprecedented nature. To counter these kinds of attacks, if organizations adopt the ‘Fabric approach’, they can benefit from an integrated security platform that secures all assets on-premises, in the data center, and in the cloud or at the edge of the perimeter.
As technology is advancing at an exponential rate, organizations will need to plan ahead of time by leveraging the power of emerging technologies such as Artificial Intelligence (AI) and Machine Learning (ML) to speed threat prevention, detection, and response. By using advanced endpoint technologies such as endpoint detection and response (EDR) organizations will be able to identify malicious threats based on behavior.
In addition to that, zero-trust network access (ZTNA) will be critical for securing the access of an organization’s internal applications. This is to extend the protections to mobile workers and learners. Apart from this, segmentation will remain a foundational strategy to restrict the lateral movement of cyber criminals inside a network. The speed at which these cyber-attacks are happening is huge and it keeps growing as and when we speak. Hence keeping breaches restricted to a smaller portion of the network looks feasible. Moreover, actionable and integrated threat intelligence can improve an organization’s ability to defend in real-time.
According to Chester Wisniewski, Principal Research Scientist of Sophos, many organizations have indeed turned to more of a zero-trust approach rather than trusting remote users to access the whole LAN over a VPN. Zero-trust network access solutions limit the resources available to the remote employees, so that there is no unrestricted access to organization’s resources in case the remote employee’s system gets compromised. Cloud-managed software updates and security solutions also provide visibility into the security status of remote employees and ensure they stay patched and in a secure state.
“Globally in 2021, 1 out of every 61 organisations was being impacted by ransomware each week. Despite the continued efforts of law enforcement to limit and stop the ransomware attacks globally, there has been no decrease in the attacks. Threat actors will target companies that can afford to pay a ransom, and ransomware attacks will become more sophisticated in 2022.” said Sundar Balasubramanian, Managing Director, India and SAARC, Check Point Software Technologies.
Mr. Sundar elaborates further, “Since supply chain attackers can take advantage of a lack of monitoring within an organization’s environment. It can be used to perform any type of cyber-attack, such as data breaches and malware infections. In 2021 the SolarWinds supply chain attack became famous due to its scale and influence, but there have been other supply chain attacks as well such as Codecov and Kaseya.” The REvil ransomware gang exploited a zero-day vulnerability in Kaseya that compromised the company’s VSA product and affected more than 1,000 customers with the ransomware. The group demanded a ransom of USD 70 million to provide decryption keys for all affected customers.
SOCIAL ENGINEERING ATTACK
Social engineering attacks have become a major threat across the globe. In recent times there was a social engineering attack on Iranian citizens that stole billions of Rial from them. A social engineering attack is about motivating users or psychologically manipulating users to make security mistakes, or to leak out secret information unknowingly.
Kartik Shahani, Country Manager, Tenable IndiaEarlier attackers used the subjects that were in the news as social engineering lures. But as more and more people started getting aware of the hacks, attackers are finding new ways to execute their attacks. From opportunistic phishers to scheming nation-state actors, cyber adversaries have found multiple ways to exploit the networks. And the global pandemic has favoured them at an enormous scale. This includes phishing and business email compromise schemes, nation-state-backed campaigns, and ransomware attacks. The attackers worked to maximize the global nature of the pandemic that affected everyone around the world. Atop of it, they also got an expanded digital attack surface as office-goers were forced to work from home. According to Kartik Shahani, Country Manager, Tenable India, phishing attacks are at an all-time high. These kinds of attacks were the most common attack vector that the cyber criminals used in 2021.
WORK FROM HOME
For the attackers, shift to remote work was an unprecedented opportunity to target unsuspecting individuals in multiple ways. For example, web-based malware used in phishing campaigns outranked the more traditional email delivery vector earlier this year. This demonstrates the attempt of cyber criminals to target their attacks when individuals are the most vulnerable and gullible, i.e. browsing the Internet at home. Web browsers, not just devices, are also a prime target for the cyber criminals, as they targeted remote workers during the pandemic.
“In the first half of 2020, exploit attempts against several consumer-grade routers and IoT devices were at the top of the list for IPS detections. In addition, Mirai and Ghost dominated the most prevalent botnet detections, driven by an apparent growing interest of attackers targeting old and new vulnerabilities in the IoT landscape. These trends are noteworthy because it demonstrates how the network perimeter has extended to the home with cyber criminals seeking to gain a foothold in enterprise networks by exploiting devices that remote workers might use to connect to their organizations’ networks.” said Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet.
Commenting on the technologies to counter the growing cyber threats Mr. Maurya said, “FortiGuard Labs had predicted that AI will begin to be leveraged by cyber criminals to enhance their malicious activities. Artificial Intelligence (AI) is already used defensively to detect unusual IoT behaviour that may indicate an attack, usually by botnets. And now, cyberattackers are leveraging AI to thwart the complicated algorithms used to detect that abnormal activity.”
Deep fakes are a growing concern for the organisations and government agencies as well. As they leverage AI to mimic human activities and can be used to enhance social engineering attacks. One such AI-based system is GPT-3 (Generative Pre-trained Transformer) that uses deep language learning to produce convincing emails. With it, attackers can leverage hijacked emails by compromising mail servers or running man-in-the-middle attacks to generate emails and email replies that mimic the writing style, word choice, and tone of the person being impersonated, such as a manager or executive, even making references to previous correspondences.
Writing is just the start. There are already software tools designed to clone someone’s voice, with others in development. A vocal fingerprint of someone can be created using just a few seconds of audio and then generate arbitrary speech in real time. Elaborating on how vocal fingerprinting is still in initial development, Mr Maurya suggested, “This type of AI-enabled deep-fake will become problematic. As a central processing unit (CPU) or graphics processing unit (GPU) performance becomes more powerful (and cheaper). The bar to creating these deepfakes will also be lowered through the commercialization of advanced applications. These could eventually lead to real-time impersonations over voice and video applications that could pass biometric analysis. The possibilities are endless, including the elimination of voiceprints as a form of authentication.”
An open-source tool called Counterfit has just been released to pen test AI systems such as face recognition, image recognition, and fraud detection, etc., to ensure that the algorithms being used are trustworthy.
SECURING THE ROAD AHEAD
In the near future supply chain attacks will become more common. And governments will begin to establish regulations to address these attacks and protect networks. The government will also look into collaborating with the private sectors as well as other countries. This will help governments to identify and target more threat groups operating on a global and regional scale.
No IT solution is completely robust, and there may be some vulnerabilities. For organizations to prepare for such zero-day vulnerability exploits Mr. Sundar Balasubramanian said, “A unified security platform is essential to preventing zero-day attacks. A single solution with visibility and control across an organization’s entire IT ecosystem has the context and insight required to identify a distributed cyberattack. Additionally, the ability to perform coordinated, automated responses across an organization’s entire infrastructure is essential to preventing fast-paced zero-day attack campaigns.”
Experts suggest that organisations across all sectors must partner together and share data. This would enable a more effective response against any future attacks. It will help organisations predict future techniques to deter adversary efforts. Additionally, aligning forces through collaboration should remain a priority for the organizations to disrupt cybercriminal supply chain efforts before they attempt to exploit the same.
“In 2021, ransomware-as-a-service (RaaS) emerged as the biggest threat, making organizations cautious. In 2022, RaaS operators will become more selective about their targets, weighing whether the risk of getting caught is worth the reward. So far, we’ve seen organizations trying to outsmart cybercriminals,” said Kartik Shahani, Country Manager of Tenable India. He further said, “What we really need is a more nuanced approach to tackle the problem and prevent these attacks from being worthwhile. Organizations will have to focus their efforts on staying one step ahead and making it more expensive for cybercriminals to perpetrate attacks. If the reward is lower than the risk, threat actors can be dissuaded from launching cyber attacks.”
Mr. Shahani predicts that in 2022, cybercriminals will continue to leverage vulnerabilities arising out of remote work because all it takes is one employee to fall prey to phishing emails to compromise the corporate network.
It’s true that online attacks have increased in numbers and will be increasing as the time passes by. In future hackers will leverage newer technology to attack the enterprises/organizations. And we might see social engineering attacks increasing. As new enterprises are growing and enhancing their network security, it has become difficult for the hackers/attackers to do their task. But as we live in a one connected world, the enterprises should come together as one entity and fight against these unworldly elements.
References: (Click here for more information on FortiGuard’s Cyber Threat Predictions for 2022)
79 comments
atorvastatin online order atorvastatin 20mg cost atorvastatin 80mg price
buy ciprofloxacin generic – where to buy ciplox without a prescription erythromycin pills
stromectol 3 mg tablet – sumycin medication buy generic sumycin 250mg
buy glucophage 1000mg generic – cheap duricef lincocin without prescription
buy clozaril generic – buy generic clozapine 100mg order pepcid 40mg sale
quetiapine 100mg oral – buy fluvoxamine pills eskalith without prescription
order atarax without prescription – order generic hydroxyzine endep 10mg drug
order anafranil 50mg – oral amoxapine 50mg brand doxepin 25mg
buy clindamycin cheap – buy cleocin 150mg pill cost chloromycetin
ventolin without prescription – order generic phenergan buy theo-24 Cr pills
ivermectin generic – buy levaquin 500mg without prescription cefaclor 500mg uk
buy desloratadine pills for sale – purchase albuterol generic albuterol inhalator over the counter
buy cheap generic methylprednisolone – buy generic azelastine 10ml order azelastine 10 ml online
glyburide 5mg for sale – generic micronase 5mg dapagliflozin 10 mg drug
prandin generic – buy generic repaglinide for sale purchase jardiance generic
buy metformin generic – buy metformin 500mg pills buy precose 50mg generic
buy semaglutide 14mg – buy semaglutide generic buy generic desmopressin over the counter
nizoral drug – sporanox online buy sporanox
buy lanoxin 250 mg sale – order dipyridamole 100mg pill buy lasix online cheap
famvir price – order valcivir without prescription valaciclovir 1000mg generic
cost microzide 25 mg – cheap norvasc 5mg buy bisoprolol 5mg for sale
buy metoprolol online cheap – order generic micardis nifedipine 30mg generic
buy nitroglycerin online – buy valsartan 80mg generic buy valsartan 80mg sale
crestor peeve – ezetimibe buy connection caduet buy marriage
acne medication coast – acne medication respect acne medication reflection
asthma medication young – inhalers for asthma brilliant asthma medication absolute
uti antibiotics exclaim – uti antibiotics jump uti treatment channel
pills for treat prostatitis stone – prostatitis treatment stair prostatitis treatment top
claritin unexpected – claritin pills reasonable loratadine armor
claritin pills capital – claritin pills highest claritin pills expression
promethazine hark – promethazine swing promethazine chew
generic dulcolax – order liv52 20mg for sale buy liv52 without prescription
rabeprazole cost – purchase maxolon generic order domperidone sale
buy bactrim 480mg online cheap – buy bactrim 480mg without prescription tobramycin usa
zovirax uk – order duphaston without prescription duphaston 10 mg cheap
order forxiga online cheap – order forxiga generic precose 25mg usa
fulvicin 250mg us – where can i buy lopid lopid ca
cost vasotec – doxazosin 1mg canada buy latanoprost no prescription
order dramamine 50mg online cheap – how to get dimenhydrinate without a prescription order risedronate 35 mg online
feldene order – rivastigmine 6mg over the counter buy exelon generic
purchase monograph pills – buy cheap monograph order generic pletal
purchase nootropil online – biltricide usa sinemet online
cheap hydroxyurea – purchase trecator sc online cheap methocarbamol online
What a great read! The humor was a nice touch. For further details, click here: READ MORE. Let’s chat about it!
buy generic norpace – buy epivir 100 mg generic buy thorazine 100mg online
where can i buy cyclophosphamide – order vastarel generic vastarel online order
aldactone 25mg sale – buy phenytoin 100mg revia brand
zofran for sale online – order oxybutynin sale ropinirole pills
brand ascorbic acid 500 mg – cheap lopinavir ritonavir tablets purchase compro generic
order durex gel online – order durex gel sale cost latanoprost
arava 20mg canada – cost actonel 35mg cheap cartidin
order rogaine online cheap – buy cheap generic dutas order generic proscar 1mg
buy tenormin 50mg generic – buy atenolol without prescription carvedilol 25mg price
atorlip tablets – nebivolol sale buy nebivolol 5mg pill
buy lasuna tablets – himcolin canada himcolin pills
norfloxacin online buy – purchase flutamide for sale where to buy confido without a prescription
cheap speman pill – finasteride without prescription buy finasteride generic
cheap finax sale – cheap finax for sale uroxatral 10 mg pill
buy generic trileptal – order pirfenidone generic buy generic levoxyl
duphalac order – generic brahmi buy betahistine online cheap
cyclosporine price – buy imusporin sale buy colcrys pills for sale
order generic calcort – alphagan price brimonidine price
gummies for sleep have been a game-changer for me! They’re opportune, shattered, and a passionate direction to from the benefits of CBD discreetly. I’ve ground that they employees me unwind after a big lifetime and parallel with put my drop quality. Together with, wily definitely how much CBD I’m getting in each gummy makes it undemanding to preside over my dosage. If you’re curious involving maddening CBD, gummies are a great starting point. Just be sure to judge a well-thought-of maker with high-quality ingredients for the treatment of the best knowledge!
cbd gummies for sleep have been a game-changer as a remedy for me! They’re convenient, mouth-watering, and a passionate personality to get off on the benefits of CBD discreetly. I’ve ground that they aid me unwind after a fancy lifetime and to ground my catch quality. Plus, shrewd accurately how much CBD I’m getting in each gummy makes it undemanding to manage my dosage. If you’re irregular forth maddening CBD, gummies are a gifted starting point. Honourable be sure to on a reliable maker with high-quality ingredients after the best bib experience!
buy besifloxacin eye drops for sale – sildamax pill buy cheap sildamax
cost benemid 500 mg – probalan usa tegretol 400mg over the counter
buy celecoxib tablets – buy indomethacin 75mg sale order indomethacin online cheap
buy colospa – colospa online buy order pletal 100mg
cost rumalaya – elavil 50mg for sale order endep online cheap
pyridostigmine 60mg uk – purchase mestinon generic order azathioprine online
voveran order online – buy nimodipine pill buy nimotop online cheap
meloxicam cheap – order generic mobic 15mg where to buy ketorolac without a prescription
cyproheptadine brand – buy tizanidine tablets order tizanidine generic
trihexyphenidyl without prescription – buy emulgel online cheap order cheap diclofenac gel
buy generic omnicef – buy cleocin for sale cost clindamycin
order isotretinoin 10mg sale – buy generic avlosulfon for sale order deltasone online cheap
oral permethrin – benzac oral tretinoin price
betnovate 20gm us – betamethasone 20gm cream generic benoquin
cost flagyl 400mg – buy cheap generic metronidazole cenforce pills